Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2018-10815

    An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information....

    Affected Products : cloudera_manager
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10814

    Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials....

    Affected Products : synaman
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10813

    In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded s...

    Affected Products : dedos-web
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024
  • 4.1

    MEDIUM
    CVE-2018-10812

    The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android...

    Affected Products : bitcoin_wallet
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10811

    strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable....

    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10810

    chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header....

    Affected Products : livezilla
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10809

    In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exist...

    Affected Products : 2345_security_guard
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2018-10806

    An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF....

    Affected Products : frog_cms frogcms
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10805

    ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c....

    Affected Products : ubuntu_linux imagemagick
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10804

    ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c....

    Affected Products : ubuntu_linux imagemagick
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10803

    Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This c...

    Affected Products : manageengine_netflow_analyzer
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10801

    TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff....

    Affected Products : libtiff
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10799

    A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element....

    Affected Products : brave
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10798

    A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second....

    Affected Products : brave
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10796

    In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014....

    Affected Products : 2345_security_guard
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10795

    Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/...

    Affected Products : liferay_portal liferay
    • Published: May. 07, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10790

    The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac....

    Affected Products : bento4
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10780

    Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read....

    Affected Products : exiv2
    • Published: May. 07, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10779

    TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff....

    Affected Products : ubuntu_linux libtiff
    • Published: May. 07, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10778

    Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability tha...

    Affected Products : mp3gain
    • Published: May. 07, 2018
    • Modified: Nov. 21, 2024